Merge remote-tracking branch 'remotes/origin/dev' into issue/3264

salt/common/tools/sbin/soup

@@ -161,6 +161,34 @@ check_log_size_limit() {
   fi
 }
 
+check_os_updates() {
+  # Check to see if there are OS updates
+  NEEDUPDATES="We have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
+  if [[ $OS == 'ubuntu' ]]; then
+    OSUPDATES=$(apt list --upgradeable | grep -v "^Listing..." | grep -v "^docker-ce" | grep -v "^wazuh-" | grep -v "^salt-" | wc -l)
+  else
+    OSUPDATES=$(yum -q list updates | wc -l)
+  fi
+  if [[ "$OSUPDATES" -gt 0 ]]; then
+      echo $NEEDUPDATES
+      echo ""
+      read -p "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm
+
+      if [[ "$confirm" == [cC] ]]; then
+          echo "Continuing without updating packages"
+      elif [[ "$confirm" == [uU] ]]; then
+          echo "Applying Grid Updates"
+          salt \* -b 5 state.apply patch.os queue=True
+      else
+          echo "Exiting soup"
+          exit 0
+      fi
+  else
+      echo "Looks like you have an updated OS"
+  fi
+    
+}
+
 clean_dockers() {
   # Place Holder for cleaning up old docker images
   echo "Trying to clean up old dockers."
@@ -632,7 +660,7 @@ else
   rm -rf $UPDATE_DIR
   clone_to_tmp
 fi
-
+check_os_updates
 echo ""
 echo "Verifying we have the latest soup script."
 verify_latest_update_script
@@ -822,8 +850,6 @@ Please review the following for more information about the update process and re
 https://docs.securityonion.net/soup
 https://blog.securityonion.net
 
-Please note that soup only updates Security Onion components and does NOT update the underlying operating system (OS). When you installed Security Onion, there was an option to automatically update the OS packages. If you did not enable this option, then you will want to ensure that the OS is fully updated before running soup.
-
 Press Enter to continue or Ctrl-C to cancel.
 
 EOF

salt/repo/client/files/centos/securityonioncache.repo

@@ -67,12 +67,12 @@ gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
-baseurl=https://repocache.securityonion.net/file/securityonion-repo/wazuh4_repo/
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/wazuh4_repo/
 protect=1
 
 [securityonion]
 name=Security Onion Repo
-baseurl=https://repocache.securityonion.net/file/securityonion-repo/securityonion/
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/securityonion/
 enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub

salt/suricata/cron/surilogcompress

@@ -1,6 +1,6 @@
 #!/bin/bash
 
 # Gzip the eve logs
-find /nsm/suricata/eve*.json -type f -printf '%T@\t%p\n' | sort -t $'\t' -g |  head -n -1 |  cut -d $'\t' -f 2 | xargs nice gzip
+find /nsm/suricata/eve*.json -type f -printf '%T@\t%p\n' | sort -t $'\t' -g |  head -n -1 |  cut -d $'\t' -f 2 | xargs nice gzip >/dev/null 2>&1
 
 # TODO Add stats log

salt/suricata/threading.map.jinja

@@ -1,4 +1,18 @@
-{% if salt['pillar.get']('sensor:suriprocs') %}
+{% if salt['pillar.get']('sensor:suripins') %}
+  {% load_yaml as cpu_affinity%}
+cpu-affinity:
+  - management-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
+  - receive-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
+  - worker-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
+      mode: "exclusive"
+      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
+      prio:
+        default: "high"
+  {% endload %}
+{% elif salt['pillar.get']('sensor:suriprocs') %}
   {% load_yaml as cpu_affinity%}
 cpu-affinity:
   - management-cpu-set:
@@ -15,18 +29,4 @@ cpu-affinity:
         high: [ 3 ]
         default: "high"
   {% endload %}
-{% elif salt['pillar.get']('sensor:suripins') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - receive-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - worker-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
-      prio:
-        default: "high"
-  {% endload %}
 {% endif %}

setup/so-functions

@@ -175,10 +175,8 @@ __check_so_status() {
 }
 
 __check_salt_master() {
-	local salt_master_status
+	$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master
-	salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master)
+	return $?
-	[[ -z $salt_master_status ]] && salt_master_status=1
-	return $salt_master_status
 }
 
 check_network_manager_conf() {